Let's Explore a Site with GovCMS
What is GovCMS?
GovCMS is a Drupal distribution that is built using Drupal core along with additional software such as themes, modules, libraries, and installation profiles to enable the quick creation of Australian government websites.
Why use GovCMS?
GovCMS's aim is to provide a single solution for unclassified websites using a common codebase and a shared feature set on a scalable and secure infrastructure. This reduces the technology and compliance burden on government agencies while providing a more cost-effective option for managing websites, allowing agencies to focus on providing high quality content and services to people. You can join in the conversation at the govCMS online Community and be kept up to date on what's happening with the program, including events and meetups.
How to use GovCMS?
Currently GovCMS supports Drupal 7 and 8.
Development of GovCMS is currently occurring over at GitHub
Installation - End User
You can download GovCMS from the above URL and install it on your server like a normal Drupal site.
Via Composer Create-Project
Composer will create a new directory called govCMS8 containing a docroot directory with a full govCMS code base therein.
composer create-project --stability dev --prefer-dist govcms/govcms8-project govCMS8
Composer create-project is the same as doing a git clone, followed by a composer install.
Installation from source
git clone -b 1.x git@github.com:govCMS/govCMS8.git
Then develop the site according to your requirements. You can download the GovCMS supported contributed modules from here.
In GovCMS, before deployment we need to check our code against the coding and security standards and fix the bugs for the IRAP assessment.
IRAP stands for Information Security Registered Assessors Program. An IRAP assessor assesses the implementation, appropriateness and effectiveness of your system’s security controls.
The assessment is achieved through two audit stages:
Stage 1 audit identifies security deficiencies which the system owner rectifies or mitigates
Stage 2 audit assesses the residual compliance
Use a tool to fix these bugs.
I have used "Drutiny" (https://github.com/drutiny/drutiny). With the help of this tool, we selected an existing coding standard profile, prepared automated site audit reports and corrected the errors.
Install Drutiny via composer
composer require drutiny/drutiny
It generates reports covering the following points:
- Configuration development module is not installed
- Cron last run
- Cron running regularly
- CSS aggregation is enabled
- Database logging is not installed
- Devel module is not installed
- No duplicate modules found
- Hide errors from screen (log only)
- Core Fast 404 Enabled
- Kint module is not installed
- Automated Cron module is not installed
- Backup and Migrate is not installed
- No Experimental Modules in Use
- Drupal Page cache expiry is set
- PHP module is not installed
- Shield module is not installed
- Simpletest module is not installed
- Statistics module is not installed
- Unused modules in the codebase
- Update module is not installed
- Administrator login is locked down (uid:1)
- User registration available to administrators only
- Webprofiler module is not installed
- Content Owned By Drupal's Anonymous User
- Appendix - Successful Assessments
If you give an incorrect profile name, it shows this error
Otherwise it generates the site audit report. Here is the "Drupal 8 Site Audit" profile report.
And when all the bugs are fixed, you can submit the site audit report to the GovCMS Authorization Department and move your site from staging to production.
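Several items in the report list above correspond to values in a Drupal 8 configuration export, so they can be pre-checked before the audit runs. The following is an added example, not Drutiny's code or part of the original post; the function names, the mapping of checks to module machine names and config keys, and the sample export are assumptions made for illustration.

```python
import re

# Machine names for the "module is not installed" checks (mapping assumed here).
FORBIDDEN = {
    "config_devel": "Configuration development", "dblog": "Database logging",
    "devel": "Devel", "kint": "Kint", "automated_cron": "Automated Cron",
    "backup_migrate": "Backup and Migrate", "php": "PHP", "shield": "Shield",
    "simpletest": "Simpletest", "statistics": "Statistics",
    "update": "Update", "webprofiler": "Webprofiler",
}
# "Hide errors from screen" and "registration by administrators only" as config keys.
REQUIRED = {("system.logging.yml", "error_level"): "hide",
            ("user.settings.yml", "register"): "admin_only"}

def enabled_modules(core_extension_yml):
    """Module machine names from the `module:` map of core.extension.yml."""
    modules, in_section = set(), False
    for line in core_extension_yml.splitlines():
        if re.match(r"\S", line):  # any top-level key opens or closes the section
            in_section = line.rstrip() == "module:"
            continue
        m = re.match(r"\s+([a-z0-9_]+):\s*-?\d+\s*$", line)
        if in_section and m:
            modules.add(m.group(1))
    return modules

def top_level_value(yml, key):
    """Scalar value of a top-level key, or None when the key is absent."""
    m = re.search(rf"^{re.escape(key)}:[ \t]*'?([^'\n#]*?)'?[ \t]*$", yml, re.M)
    return m.group(1) if m else None

def audit(config):
    """config maps export file name to file text; returns a sorted failure list."""
    found = enabled_modules(config.get("core.extension.yml", "")) & set(FORBIDDEN)
    fails = [f"{FORBIDDEN[m]} module is installed ({m})" for m in found]
    for (fname, key), want in REQUIRED.items():
        got = top_level_value(config.get(fname, ""), key)
        if got != want:
            fails.append(f"{fname}: {key} is {got!r}, expected {want!r}")
    return sorted(fails)

# Constructed sample export, not taken from a real site.
SAMPLE = {
    "core.extension.yml": "module:\n  block: 0\n  dblog: 0\n  devel: 0\n"
                          "  node: 0\n  update: 0\ntheme:\n  bartik: 0\n",
    "system.logging.yml": "error_level: verbose\n",
    "user.settings.yml": "register: admin_only\n",
}

print("\n".join(audit(SAMPLE)))  # one failure per line
```

A missing config file is reported as a failure rather than skipped, so an incomplete export cannot pass silently.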